At present, Requests For Comments (RFC) 3588 and 6733, two versions of the ‘Diameter base protocol’ released by the Internet Engineering Task Force (IETF), provide universal Authentication, Authorization and Accounting (AAA) signaling support for a Long Term Evolution (LTE)/Evolved Packet Core (EPC)/Policy and Charging Control (PCC) network. The ‘Diameter base protocol’ defines the role of a Diameter node in a network as one of various types of agents, which may include a relay agent, a proxy agent, a redirect agent and a translate agent. Each type of agent maintains a transaction state, and each type of agent except relay agents also maintains a session state.
Because an increasing number of users are using fourth-generation mobile telecommunication technology (4G), the quantity of Diameter signaling in an LTE/EPC/PCC network is increasing explosively. To deal with this situation, operators construct, by imitating an SS7 signaling network, a Diameter signaling network with Diameter routing agents (DRA) to channel Diameter signaling.
FIG. 1 is a schematic diagram illustrating the construction of a network-over-network (that is, a Diameter signaling transfer network) over an IP network according to the related art. As shown in FIG. 1, service nodes can directly access each other via Diameter signaling even in the absence of a DRA. Thus, a DRA signaling transfer network is a network-over-network constructed on an Internet Protocol (IP) bearing network. FIG. 2 is a schematic diagram illustrating the division of a Diameter signaling transfer network into an international layer and a domestic layer according to the related art. As shown in FIG. 2, Diameter signaling networks are classified into international Diameter signaling networks and domestic Diameter signaling networks. An Update Location Request (ULR) of a Mobility Management Entity (MME) located in a roamed country is transferred, via the DRA signaling transfer network of the roamed country, to an iDRA1 of the international DRA signaling transfer network located in the roamed country, then transferred to an iDRA2 located in the home country and to the DRA signaling transfer network of the home country, and finally delivered to a Home Subscriber Server (HSS) in the home country. In FIG. 2, the ULR message is transferred by DRAs six times.
Diameter nodes are connected with each other based on the Stream Control Transmission Protocol (SCTP) or the Transmission Control Protocol (TCP), which serves as a data bearing link. Diameter nodes can negotiate capabilities with each other through an exchange of a Capabilities Exchange Request (CER) message and a Capabilities Exchange Answer (CEA) message, and Diameter nodes can detect and restore a signaling link through an exchange of a Device Watchdog Request (DWR) message and a Device Watchdog Answer (DWA) message, thereby forming a Diameter signaling link layer. A Realm Routing Table provides a network route for a Diameter request message. A universal implementation framework is provided for each application interface through Diameter transaction processing (a Diameter transaction may include a request message and a corresponding response message) and Diameter session processing (a Diameter session may include one or more transactions which have the same Session ID). FIG. 3 is a schematic diagram illustrating protocol layers of a DRA network based on an OSI model according to the related art. As shown in FIG. 3, with reference to the seven-layer model proposed by the International Organization for Standardization (ISO) for Open Systems Interconnect (OSI), SCTP, which belongs to a transaction layer in an IP network, is only a part of a signaling link layer in a Diameter signaling transfer network or a SigTran network. A Realm Routing Table in a DRA network layer only provides a route for a request message; an ACK message is returned along the path along which the request message was transmitted, and no route analysis is conducted for the ACK message.
In addition to the seven-layer model for the OSI, the ISO also provides a standard model for the transfer of a message in a network. When a message is transferred in a network, an intermediate node (that is, a signaling transfer node) only provides functions of a network layer, and only transaction layers and layers above transaction layers are ‘end-to-end’. FIG. 4 is a schematic diagram illustrating a standard model for the transfer of signaling between service nodes based on an OSI model according to the related art. As shown in FIG. 4, intermediate nodes transfer signaling through a network layer, and only transaction layers and layers above transaction layers are ‘end-to-end’. IP networks, SS7 networks and SigTran networks all conform to this model.
However, in a case where a network is constructed with Diameter nodes, apart from functioning as an intermediate node, a DRA also functions as a transaction layer and even a session layer.
FIG. 5 is a schematic diagram illustrating a signaling transfer mode 1 used in the related art to transfer signaling between Diameter service nodes through a DRA which only maintains a transaction state. As shown in FIG. 5, an intermediate node forwards a message on a transaction layer and maintains the processing of the transaction layer. FIG. 6 is a schematic diagram illustrating a signaling transfer mode 2 used in the related art to transfer signaling between Diameter service nodes through a DRA which only maintains a transaction state and a session state. As shown in FIG. 6, an intermediate node forwards a message on a session layer and maintains the processing of a transaction layer and that of a session layer. However, the functions of a network layer are not completely provided in either FIG. 5 or FIG. 6; that is, a response message needs to be returned along the path along which the request message was transmitted and is not routed separately.
The provision of transaction management by a DRA, which is a signaling transfer node, is actually a defect. Because a DRA needs to maintain a transaction state, all the transactions borne by the DRA fail once the DRA is out of service. To cope with this problem, the scheme currently adopted is as follows: for a failed transaction, a Diameter client or a DRA resends the transaction request message (in a case where the timer for waiting for a Diameter response expires) or reselects a route (in a case where a response carrying a failure code is received while waiting for an ACK response) to select another DRA node for another attempt.
Solving the problem that a Diameter response message cannot be routed separately by resending the message on a transaction layer or by a route reselection scheme has the following defects:
(1) when a DRA serving as an intermediate node is out of service, the transaction resources of all the intermediate nodes and all the service nodes passed by any transaction maintained by the DRA are temporarily suspended until the transaction protection timer of each of these nodes expires or a failure ACK message is received. Because an out-of-service DRA may simultaneously be transferring thousands and tens of thousands of transactions, this temporary suspension affects the transaction resources of all the nodes in the whole Diameter network;
(2) once a transaction timer expires, a Diameter client or a DRA node will resend the request message (a flag ‘N’ is set for a resent request message), and a great number of resent request messages will have a big impact on the whole Diameter signaling network. When the out-of-service DRA has a load sharing node, the load sharing node bears, apart from its own load, the load of the out-of-service DRA as well as the signaling load caused by the resending of each message; thus, the load is sharply increased by three times in a short time. The impact on the network is worse when resending is launched many times or a plurality of nodes conduct a resending operation;
(3) a transaction resource (and a session resource) of a DRA node may become a bottleneck and consequently be exposed to unintentional or hostile attack. For example, a Home Location Register (HLR) making no response to an REQ message is equivalent to a Denial of Service (DoS) attack which can occupy all transaction resources within several seconds and consequently disable the normal forwarding of other transactions.
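The bottleneck described in defect (3), as an added example that is not part of the original text: a small Python model of a DRA's pending-transaction table in which one peer never answers, so its entries are freed only when the transaction timer expires. The table size, request rates, timer value, and the optional per-peer cap (a mitigation added here for comparison, not one the text proposes) are assumptions chosen for illustration.

```python
from collections import defaultdict

def simulate(capacity, timeout, ticks, good_rate, silent_rate, per_peer_cap=None):
    """Model a DRA pending-transaction table (one entry per in-flight request).

    Per tick, good_rate requests go to a peer that answers on the next tick and
    silent_rate requests go to a peer that never answers, so those entries are
    held until the transaction timer (timeout ticks) expires. Within a tick the
    silent peer's requests are taken first, the worst case for healthy traffic.
    Returns (good_forwarded, good_rejected, peak_table_use).
    """
    due = defaultdict(list)                    # tick -> peers whose entry is freed
    in_use = {"good": 0, "silent": 0}
    forwarded = rejected = peak = 0
    for now in range(ticks):
        for peer in due.pop(now, []):          # answer arrived or timer expired
            in_use[peer] -= 1
        arrivals = [("silent", timeout)] * silent_rate + [("good", 1)] * good_rate
        for peer, hold in arrivals:
            full = sum(in_use.values()) >= capacity
            capped = per_peer_cap is not None and in_use[peer] >= per_peer_cap
            if full or capped:
                rejected += peer == "good"     # count only healthy-peer losses
                continue
            in_use[peer] += 1
            due[now + hold].append(peer)
            forwarded += peer == "good"
        peak = max(peak, sum(in_use.values()))
    return forwarded, rejected, peak

# Constructed scenario: 1000-entry table, 4-tick timer, 20 ticks of traffic.
SCENARIO = dict(capacity=1000, timeout=4, ticks=20, good_rate=200, silent_rate=300)

def shared_table():
    """Single shared table: the silent peer's entries crowd out everything else."""
    return simulate(**SCENARIO)

def capped_table():
    """Same traffic, but no single peer may hold more than 600 entries."""
    return simulate(per_peer_cap=600, **SCENARIO)

if __name__ == "__main__":
    print("shared table :", shared_table())
    print("per-peer cap :", capped_table())
```

In the shared-table run the table is full by the third tick and healthy requests are rejected from then on; with the cap, the silent peer is confined to its own share and healthy traffic is unaffected.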